John Teehan

Summary

The website content provides insights into social engineering and phishing threats, emphasizing the importance of proactive measures and training to protect personal and business information.

Abstract

The article "Social Engineering, Phishing, and How to Protect Your Business" underscores the growing sophistication of phishing attacks, which manipulate individuals into divulging sensitive information or installing malware. It highlights the tactics used by cybercriminals, such as targeting HR and financial staff, and the increasing use of vishing and SMSishing. The text advises individuals and businesses to exercise caution, verify requests for information, and implement comprehensive security measures, including strong passwords, security training, and regular penetration tests. It stresses that while technological defenses are crucial, educating employees is key to preventing social engineering attacks.

Opinions

  • The author believes that being forewarned about social engineering and phishing is crucial for protecting businesses.
  • There is an emphasis on the need for businesses to be vigilant about the increasing sophistication of phishing tactics, which now include vishing and SMSishing.
  • The article suggests that while controlling the availability of personal information online is challenging, controlling one's response pace to suspicious communications is a practical defense strategy.
  • It is implied that human error is a significant vulnerability in cybersecurity, and thus, training employees is as important as having robust security tools.
  • The author advocates for regular social engineering penetration tests to ensure the effectiveness of security measures.
  • The article conveys a sense of urgency for businesses to prioritize both technological and human elements in their cybersecurity strategies.

Social Engineering, Phishing, and How to Protect Your Business

Forewarned is forearmed. Learn the dangers and solutions.


Every day, inboxes are bombarded with suspicious emails probing for sensitive personal or business information. Careless responses to these emails have had serious consequences for the unwary: downtime, data breaches, and significant financial loss. These threats fall under social engineering, the manipulation of people into doing something they would not normally do.

Cyber attacks built on social engineering take many forms. Phishing is the most common, and it is not confined to email: from text messages to strangers roaming the halls of your company headquarters, it is in every business owner's interest to be on guard.

What does phishing look like?

Phishing emails are growing more sophisticated and more targeted because so much personal information is available online, and the amount keeps increasing. Attackers now deliberately go after corporate HR and finance staff, because they know exactly who controls payroll and payments. For cybercriminals, this strategy has been paying off.

The information sought is often whatever answers the security questions on online financial sites: birth date, birth city, mother's maiden name, first pet's name, favorite vacation spot, and so on. Some phishing attempts are bold enough to ask outright for account numbers or for confidential details about a person or a company's staff.

Sometimes the cybercriminal is not after information at all, but wants the recipient to open an attached document or follow a link that quietly installs malware, such as a keylogger, on the recipient's device, giving the attacker direct access to the sensitive information they want. Some phishing campaigns deliver ransomware, which encrypts files and holds business networks and computer systems hostage for payment.


Phishing is not limited to email. Two other methods widely seen today are "vishing" (phishing by phone call) and "SMSishing", more commonly called smishing (phishing by SMS text message). Both have the same goals as traditional email phishing, and smartphones are especially exposed: on a small screen it is hard to inspect the full sender address or the real destination of a link before tapping it.

How to defend against social engineering

The first actionable defense is to slow down.

While you can work on keeping less personal information readily available on the Internet, you can’t always control it. What you can control is the pace at which you react or respond to emails, phone calls, or text messages.

Review every situation with intentional care — do not rush. Ask yourself these questions.

  • Am I expecting an email from this person?
  • Am I expecting an attachment?
  • Is this information I should be providing in an email or over the phone?
  • Do I really know who is on the other end of the email, phone call, or text message?
  • Do I know or at least recognize the unaccompanied visitor walking down the hall?

If any of these questions give you pause or you are uncertain of the answer, hold off on reacting. Don't download the attachment. Don't provide sensitive information. Instead, investigate the source of the message and confirm its validity before doing anything further, using a channel you already trust (the phone number in your company directory, not the one given in the message). If necessary, consult your security team.

How to keep your business safe

When it comes to protecting your business from social engineering, consider the following:

  • Require the use of strong, unique passwords
  • Audit and update security settings across all networks and devices
  • Thoroughly review and research applications and third-party providers
  • Practice care when speaking with strangers (know your customers and employees)
  • Provide security training at corporate and local facilities
  • Remember, there is no delete button on the Internet. Do not post sensitive information or un-scrubbed documents online!
  • If something being offered seems too good to be true, it probably is
  • Hold regular social engineering penetration tests, both internally and externally
  • Implement an 'outside of this organization' banner policy that tags every inbound email originating from outside the company
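As an added illustration of the last item (example code, not the author's), the filter below tags inbound mail whose real From address is not one of the organization's own domains. It assumes a hypothetical organization domain of example.com, a plain-text message body, and that the filter sits in the inbound mail path with the raw message as input. The two sample messages are constructed for the example; the phishing one uses the display-name trick of putting an internal-looking address in quotes in front of a lookalike external address.

```python
"""External-sender banner filter.

Added example for this article, not the author's code. Assumes the
organisation sends mail as example.com (hypothetical) and that the message
body is plain text; a production filter would also handle MIME parts.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}  # assumption: the domains the organisation sends as
SUBJECT_TAG = "[EXTERNAL]"
BANNER = ("CAUTION: This message came from outside the organisation. "
          "Confirm any request for payments, credentials or personal data "
          "by phone, on a number you already have, before acting on it.")

# Constructed sample messages (not real mail).
INTERNAL_MAIL = """From: Pat Lee <pat.lee@example.com>
To: finance@example.com
Subject: Q3 invoice batch
Content-Type: text/plain; charset="utf-8"

The Q3 invoice batch is ready for review.
"""

PHISH_MAIL = """From: "pat.lee@example.com" <pat.lee@exarnple.com>
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset="utf-8"

Please wire 48,000 USD to the new vendor account today. I am in meetings, do not call.
"""


def parse(raw: str) -> Message:
    return message_from_string(raw)


def sender_domain(msg: Message) -> str:
    """Domain of the real From address. The display name is ignored:
    the sender controls it and can set it to anything."""
    _name, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_external(msg: Message, org_domains=ORG_DOMAINS) -> bool:
    return sender_domain(msg) not in org_domains


def display_name_spoofs_org(msg: Message, org_domains=ORG_DOMAINS) -> bool:
    """True when the display name looks like one of our addresses but the
    real address is external, e.g. "pat.lee@example.com" <x@evil.example>.
    Mail clients often show only the display name, so this is worth flagging."""
    name, _addr = parseaddr(msg.get("From", ""))
    name_domain = name.strip().rpartition("@")[2].lower()
    return is_external(msg, org_domains) and name_domain in org_domains


def tag_external(raw: str, org_domains=ORG_DOMAINS) -> str:
    """Return the message with an external-sender header, a subject tag and
    a body banner. Internal mail is returned untouched. Any pre-existing
    X-External-Sender header is dropped so a sender cannot pre-tag mail."""
    msg = parse(raw)
    if not is_external(msg, org_domains):
        return raw
    del msg["X-External-Sender"]
    msg["X-External-Sender"] = "yes"
    if display_name_spoofs_org(msg, org_domains):
        msg["X-External-Sender-Warning"] = "display name impersonates an internal address"
    subject = msg.get("Subject", "")
    if not subject.startswith(SUBJECT_TAG):
        del msg["Subject"]
        msg["Subject"] = f"{SUBJECT_TAG} {subject}".strip()
    if msg.get_content_type() == "text/plain" and not msg.is_multipart():
        body = msg.get_payload()
        if not body.startswith(BANNER):
            msg.set_payload(BANNER + "\n\n" + body)
    return msg.as_string()


if __name__ == "__main__":
    print(tag_external(PHISH_MAIL))
```

The banner is only as good as the habit it builds: staff must learn that a tagged message asking for money, credentials or personal data is verified by phone on a known number, never by replying to it.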

To counter the variety of methods used in social engineering, businesses need to prioritize education and training for employees, clients, and other end users, particularly when it comes to phishing. You could have the latest and most expensive security tools and equipment and still be unable to prevent attacks or data breaches, so long as your human firewalls remain easy to compromise.

Work with your IT team — whether in-house or contracted — on solutions and put into action some or all of the security suggestions offered above.

You owe it to your business as well as your clients to be ever vigilant when it comes to protecting sensitive information.

